W32/WannaCryptor!tr.ransom

Analysis



W32/WannaCryptor!tr is a generic detection for ransomware that uses exploits identified in Microsoft Windows SMB Server (4013389).
This malware is publicly known as WannaCry or WannaCryptor, and has caused significant infection and damage in the wild. Further details can be found in this blog post.
The malware has the following indicators:


  • Figure 1: Window showing the ransom message of the malware.


  • Figure 2: Desktop wallpaper showing the ransom message of the malware.


  • Figure 3: Dropped files on both USB drives and Shared Folders.

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.
  • Download and install the patch for the Microsoft Windows SMB Server Vulnerability at https://technet.microsoft.com/library/security/MS17-010.


Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2020-08-18 79.72000 Sig Updated